Idattend Pty Ltd Idweb vulnerabilities
30 known vulnerabilities affecting idattend_pty_ltd/idweb.
Total CVEs: 30
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 12, HIGH 13, MEDIUM 5
Vulnerabilities
Page 1 of 2
CVE-2023-26568 | P2 | CRITICAL | CVSS 9.1 | CWE-89 | ≤ 3.1.052 | 2023-10-25
Unauthenticated SQL injection in the GetStudentGroupStudents method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers.
nvd
CVE-2023-27262 | P2 | CRITICAL | CVSS 9.1 | CWE-89 | ≤ 3.1.052 | 2023-10-25
Unauthenticated SQL injection in the GetAssignmentsDue method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers.
nvd
CVE-2023-27255 | P2 | CRITICAL | CVSS 9.1 | CWE-89 | ≥ 9, ≤ 3.1.052 | 2023-10-25
Unauthenticated SQL injection in the DeleteRoomChanges method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers.
nvd
CVE-2023-27254 | P2 | CRITICAL | CVSS 9.1 | CWE-89 | ≤ 3.1.052 | 2023-10-25
Unauthenticated SQL injection in the GetRoomChanges method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers.
nvd
CVE-2023-26569 | P2 | CRITICAL | CVSS 9.1 | CWE-89 | ≤ 3.1.052 | 2023-10-25
Unauthenticated SQL injection in the StudentPopupDetails_Timetable method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers.
nvd
CVE-2023-26572 | P2 | CRITICAL | CVSS 9.1 | CWE-89 | ≤ 3.1.052 | 2023-10-25
Unauthenticated SQL injection in the GetExcursionList method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers.
nvd
CVE-2023-26578 | P2 | HIGH | CVSS 8.8 | CWE-22 | ≤ 3.1.052 | 2023-10-25
Arbitrary file upload to the web root in IDAttend’s IDWeb application 3.1.013 allows authenticated attackers to upload dangerous files such as ASP or ASPX to the web root, gaining command execution on the affected server.
nvd
CVE-2023-26584 | P2 | CRITICAL | CVSS 9.1 | CWE-89 | ≤ 3.1.052 | 2023-10-25
Unauthenticated SQL injection in the GetStudentInconsistencies method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers.
nvd
CVE-2023-26582 | P2 | CRITICAL | CVSS 9.1 | CWE-89 | ≤ 3.1.052 | 2023-10-25
Unauthenticated SQL injection in the GetExcursionDetails method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers.
nvd
CVE-2023-26581 | P2 | CRITICAL | CVSS 9.1 | CWE-89 | ≤ 3.1.052 | 2023-10-25
Unauthenticated SQL injection in the GetVisitors method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers.
nvd
CVE-2023-27260 | P2 | CRITICAL | CVSS 9.1 | CWE-89 | ≤ 3.1.052 | 2023-10-25
Unauthenticated SQL injection in the GetAssignmentsDue method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers.
nvd
CVE-2023-26583 | P2 | CRITICAL | CVSS 9.1 | CWE-89 | ≤ 3.1.052 | 2023-10-25
Unauthenticated SQL injection in the GetCurrentPeriod method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers.
nvd
CVE-2023-26573 | P3 | CRITICAL | CVSS 9.1 | CWE-306 | ≤ 3.1.052 | 2023-10-25
Missing authentication in the SetDB method in IDAttend’s IDWeb application 3.1.052 and earlier allows denial of service or theft of database login credentials.
nvd
CVE-2023-27257 | P3 | HIGH | CVSS 7.5 | CWE-306 | ≤ 3.1.052 | 2023-10-25
Missing authentication in the GetActiveToiletPasses method in IDAttend’s IDWeb application 3.1.052 and earlier allows retrieval of student information by unauthenticated attackers.
nvd
CVE-2023-26580 | P3 | HIGH | CVSS 7.5 | CWE-306 | ≤ 3.1.052 | 2023-10-25
Unauthenticated arbitrary file read in IDAttend’s IDWeb application 3.1.013 allows the retrieval of any file present on the web server by unauthenticated attackers.
nvd
CVE-2023-27258 | P3 | HIGH | CVSS 7.5 | CWE-306 | ≤ 3.1.052 | 2023-10-25
Missing authentication in the GetStudentGroupStudents method in IDAttend’s IDWeb application 3.1.052 and earlier allows retrieval of student and teacher data by unauthenticated attackers.
nvd
CVE-2023-26571 | P3 | HIGH | CVSS 7.5 | CWE-306 | ≤ 3.1.052 | 2023-10-25
Missing authentication in the SetStudentNotes method in IDAttend’s IDWeb application 3.1.052 and earlier allows modification of student data by unauthenticated attackers.
nvd
CVE-2023-26575 | P3 | HIGH | CVSS 7.5 | CWE-306 | ≤ 3.1.052 | 2023-10-25
Missing authentication in the SearchStudentsStaff method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction of sensitive student and teacher data by unauthenticated attackers.
nvd
CVE-2023-27376 | P3 | HIGH | CVSS 7.5 | CWE-306 | ≤ 3.1.052 | 2023-10-25
Missing authentication in the StudentPopupDetails_StudentDetails method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction of sensitive student data by unauthenticated attackers.
nvd
CVE-2023-26570 | P3 | HIGH | CVSS 7.5 | CWE-306 | ≤ 3.1.052 | 2023-10-25
Missing authentication in the StudentPopupDetails_Timetable method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction of sensitive student data by unauthenticated attackers.
nvd